DirectX: The New Hyper-V Attack Surface

Discover the shocking new attack surface in DirectX, including vulnerabilities in DSGK-VMB, vid-shi-signal-sync-object and DSG_KERNEL_Linux_KERNEL, and how they can be exploited using DxG kernel IOCTLs.

Key takeaways
  • The DSGK-VMB command is vulnerable to attacks due to the lack of proper initialization of variables in the cvn32k_logs structure.
  • The vid-shi-signal-sync-object function is vulnerable to non-pointer reference vulnerabilities, allowing an attacker to control the ISRs and access arbitrary memory locations.
  • The DSG_HOST_VIRTUAL_GPU_VMBOS_VMBOS_COMMAND_TABLE_VGPU2_HOST_TABLE table contains a large number of commands that can be used to exploit the vulnerability.
  • The DSG_KERNEL_Linux_KERNEL module is vulnerable to arbitrary address read vulnerabilities due to the lack of proper bounds checking.
  • The DxG kernel through a set of IOCTLs, provides a way to interact with the DSG kernel and exploit the vulnerability.
  • The Hyper-V direct as component architecture provides a new attack surface that can be exploited by an attacker.

More talks

Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip

MaginotDNS: Attacking the Boundary of DNS Caching Protection

Malware Classification With Machine Learning Enhanced by Windows Kernel Emulation

SAINTCON 2023 - Jacob Oakley - In Space, No One Can Hear You Ping

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Crypto Wallets

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling